The rapid growth of the Internet in recent years has brought cyber security to the forefront of critical issues for enterprises such as corporations and other entities. Today, many enterprises keep almost all of their critical and non-critical data resources reachable online via the Internet. Moreover, large numbers of employees of these enterprises are provided with access to email and/or other social media or electronic communication. Often, employees access such electronic communication resources from within the computing environment of the enterprise.
High-value enterprises are frequently targeted by cyber criminals, hacktivists and nation states in order to steal intellectual property, trade secrets, sensitive information and customer data, to disrupt business operations and cause harm to businesses, or to obtain unauthorized access for any number of other reasons against the interests of these enterprises. Many enterprises make substantial investments in security technologies that protect against network and system vulnerabilities. However, these conventional efforts often do not adequately protect the enterprise from human vulnerabilities that pose similar or even greater security risks. Threat actors (e.g., cyber criminals, hacktivists and nation states) frequently take advantage of human vulnerabilities in enterprise security posture through targeted attacks such as spear-phishing and longer-term slow and low social engineering. These types of attacks leverage email to reach an unsuspecting email user in an enterprise. The content of these emails is designed to trick recipients into a potentially risky action such as, for example, opening an attachment, clicking on a weblink embedded in the email content, opening the email which then automatically activates malicious content, or simply providing requested sensitive information. These actions, once committed by an email user, may then compromise the security of the enterprise, giving the threat actor a foothold within the enterprise for exfiltration of confidential and/or otherwise sensitive data or for exploitation of sensitive systems within the enterprise.
The tools and techniques used by threat actors keep changing and adapting to the conventional security techniques currently in use. In order to better protect enterprises from cyber threats, it is desirable to provide systems and techniques that can efficiently and effectively detect and/or handle various types of cyber attacks committed via communication channels such as email.